Software Development Security Flashcards

1
Q

Scanner

A

A program that identifies known viruses by their signatures and removes them or repairs the infected objects.

2
Q

Heuristic Scanner

A

A program that analyzes unknown code for suspicious instructions and code sections, so it can flag malware that has no known signature yet (at the cost of false positives).

3
Q

Activity Monitor

A

A program that monitors systems and programs for suspicious activity.

4
Q

Change detection software

A

A program that stores baseline system information and then periodically checks for suspicious changes from the baseline values.

5
Q

What are 2 countermeasures for a brute force attack?

A

Implement strict access controls (for example, lock the account after a set number of failed attempts)

Enforce a minimum password length of at least 8 characters (longer is better; each extra character multiplies the attacker's search space)

6
Q

Code that a specific event triggers and that destroys data stored on a system’s hard disk

A

logic bomb

7
Q

Code that may simultaneously attack the boot sector and the executable files of a system

A

virus (specifically, a multipartite virus)

8
Q

Code hidden inside a seemingly legitimate program, often used to install a backdoor that gives the attacker access to system resources

A

trojan

9
Q

Self-replicating code that spreads from system to system on its own, consuming vital network and host resources

A

worm

10
Q

What is the purpose of software forensics in protecting system and data security?

A

To analyze code for characteristics of authorship and intent, both as evidence against attackers and to limit the damage of future attacks.

11
Q

What characteristics of current software development make information security difficult?

A

Complexity of modern applications

increased sharing of code and other resources

12
Q

Low level languages

A

first and second generation languages

13
Q

High level languages

A

third through fifth generation

14
Q

When programming with high level languages, which factors can contribute to security weaknesses?

A

Automatic memory allocation and deallocation (the programmer cannot see or control what the runtime does with memory)

A runtime security management system that offers the programmer only limited options

15
Q

Define hackers

A

individuals or organizations who attempt to gain unauthorized access to information systems and network resources

16
Q

Define crackers

A

individuals or organizations who break into computer systems by breaching security controls. A cracker's motive is typically malicious, which is what distinguishes the term from "hacker".

17
Q

What are the 6 types of DoS attacks?

A

smurf and fraggle
SYN flood
teardrop
distributed DoS
DNS DoS
cache poisoning
18
Q

Define smurf attack

A

Sends ICMP echo requests to a network's broadcast address with the victim's address forged as the source; every host on that network replies to the single victim, amplifying the traffic.

19
Q

Define fraggle attack

A

A smurf attack that uses UDP (typically the echo or chargen ports) instead of ICMP

20
Q

Defenses against smurf and fraggle attacks

A

Configure the firewall to drop ICMP echo requests addressed to broadcast addresses (and any inbound ICMP you do not need)
Configure hosts not to answer echo requests sent to broadcast addresses
Turn off the directed-broadcast capability on routers
Implement an IDS
Install the latest patches

21
Q

Define SYN flood attack

A

The attacker sends a stream of SYN packets (usually with spoofed source addresses) and never sends the final ACK of the three-way handshake, so the server's table of half-open connections fills up and legitimate connections are refused.

22
Q

Defenses against a SYN flood attack

A

Configure the firewall to limit the rate of connection requests
Implement an IDS
Use SYN cookies so that no state is allocated to a half-open connection until the handshake completes
Install the latest patches

23
Q

Define teardrop attack

A

Sends malformed, overlapping IP fragments that exploit a bug in the operating system's fragment-reassembly routine, crashing or hanging the host.

24
Q

Defenses against teardrop attack

A

Reassemble fragmented packets into a full packet at the firewall before forwarding them to the target system
Implement an IDS to detect anomalous fragmentation

25
Q

Defenses against DDoS attack

A

Scan systems to identify whether bot (attack client) software is installed
Review the logs on systems where the client attack software was found to trace the attacker's controller
Disable unused services on systems
Install a firewall and an IDS

26
Q

Define DNS DoS

A

The attacker changes a host's DNS record (or forges DNS responses) so that its name resolves to a malicious host, so clients can no longer reach the real one

27
Q

Defenses against DNS DoS

A

Implement a hardened (secure) DNS deployment
Keep the DNS server software up to date
Use separate DNS servers for internal records and for external, public records (split DNS)

28
Q

Define cache poisoning

A

The attacker cannot change the authoritative DNS record, so instead injects forged data into a resolver's cache; every client of that resolver is then sent to the attacker's host until the entry expires

29
Q

Defenses against cache poisoning

A

Harden the DNS servers' configuration (restrict recursion to trusted clients, randomize source ports and transaction IDs)
Use DNS Security Extensions (DNSSEC) so resolvers can verify the signatures on records
Use HTTPS so clients validate the server's certificate; a poisoned name still fails certificate validation

30
Q

Defenses against brute force attacks

A

Require a minimum password length of at least 8 characters
Lock the account after a specified number of unsuccessful attempts
Implement strict access controls to reduce the occurrence of such attacks

31
Q

Defenses against dictionary attacks

A

Use one-time password authentication
Use a password policy to enforce rotation and hard-to-guess passwords
Run password-cracking tools against your own password hashes to find weak passwords before an attacker does
Implement an IDS

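
The brute-force and dictionary countermeasures on the cards above (minimum length, lockout after N failures, slow verification), as an added example in Python that is not part of the original deck. `AuthGuard` is a hypothetical helper written for this page, not a real library; the 12-character minimum and the fake clock are assumptions made for the demonstration. The deck's 8-character floor would work the same way.

```python
import hashlib
import hmac
import os
import time


class AuthGuard:
    """Verifies passwords and locks an account after too many failures (hypothetical helper)."""

    def __init__(self, max_failures=5, lockout_seconds=900, min_length=12, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.min_length = min_length
        self.clock = clock              # injectable so the demo can advance time without sleeping
        self._users = {}                # username -> (salt, derived key)
        self._failures = {}             # username -> (failure count, locked-until timestamp)

    @staticmethod
    def _derive(salt, password):
        # Slow, salted key derivation: every guess costs the attacker real CPU time,
        # and a leaked database cannot be attacked with precomputed tables.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        if len(password) < self.min_length:
            raise ValueError(f"password must be at least {self.min_length} characters")
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(salt, password))

    def is_locked(self, username):
        _count, until = self._failures.get(username, (0, 0.0))
        return until > self.clock()

    def login(self, username, password):
        """Return True on success, False otherwise, without revealing which check failed."""
        now = self.clock()
        count, until = self._failures.get(username, (0, 0.0))
        if until > now:
            return False                # locked: refuse even the correct password
        if until:
            count = 0                   # a previous lockout has expired; count afresh
        record = self._users.get(username)
        if record is None:
            self._derive(b"\0" * 16, password)   # burn the same time so timing doesn't reveal valid names
            ok = False
        else:
            salt, stored = record
            ok = hmac.compare_digest(stored, self._derive(salt, password))   # constant-time compare
        if ok:
            self._failures.pop(username, None)
            return True
        count += 1
        until = now + self.lockout_seconds if count >= self.max_failures else 0.0
        self._failures[username] = (count, until)
        return False


def demo():
    """Constructed scenario: three wrong guesses lock the account; the correct password is
    refused while locked and accepted once the lockout window has passed."""
    now = [1000.0]
    guard = AuthGuard(max_failures=3, lockout_seconds=60, clock=lambda: now[0])
    guard.register("alice", "correct horse battery staple")
    failures = [guard.login("alice", f"guess{i}") for i in range(3)]
    while_locked = guard.login("alice", "correct horse battery staple")
    now[0] += 61
    after = guard.login("alice", "correct horse battery staple")
    return failures, while_locked, after


if __name__ == "__main__":
    print(demo())
```

Lockout is itself a denial-of-service lever: an attacker who knows usernames can lock everyone out by guessing wrong on purpose, so pair it with rate limiting per source and with alerting rather than relying on it alone.
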
32
Q

Defenses against spoofing attacks

A

Configure the firewall to discard inbound packets whose source is a private (RFC 1918) address
Avoid using reserved IP addresses
Use ingress and egress filtering
Implement an IPS

33
Q

Defense against a buffer overflow attack

A

Use bounds checking in program code: check the length of every input against the size of the buffer it is copied into
Install the latest updates

34
Q

Define between the lines entry attack

A

An attacker taps the temporarily inactive terminal of a legitimate user in an unauthorized manner.

35
Q

Define NAK negative acknowledgement attacks

A

an attacker capitalizes on an operating system’s failure to suitably handle NAK packets.

36
Q

Define line disconnect attacks

A

An attacker accesses and uses the communication line of a user who is trying to terminate his communication session.

37
Q

Define pseudo-flaw attacks

A

loopholes developers insert to trap attackers and track the source of an attack.

38
Q

Define TOC/TOU attack

A

Time of Check / Time of Use
A race condition: the program checks a condition (for example, access permissions on a file) and only later acts on the resource, and the attacker changes the resource between the check and the use, so the action is applied to something the check never covered.

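
The file-system form of the race on this card, as an added example in Python (not part of the original deck). `vulnerable_read` checks the path and then opens it in two separate system calls; `safe_read` opens first with `O_NOFOLLOW` and validates the descriptor it actually holds with `fstat`, so the name can be swapped afterwards without effect. The `between` hook stands in for the attacker winning the race; the files and the symlink swap are constructed for the demonstration. This assumes a POSIX system (`O_NOFOLLOW`, `os.symlink`, removing an open file).

```python
import os
import stat
import tempfile


def vulnerable_read(path, between=lambda: None):
    """Check-then-use: the permission check and the open refer to a *name*, not an object."""
    if os.path.islink(path) or not os.access(path, os.R_OK):   # time of check
        raise PermissionError(path)
    between()                                                   # attacker's window
    with open(path, "rb") as f:                                 # time of use: follows whatever the name is now
        return f.read()


def safe_read(path, between=lambda: None):
    """Open first, then validate the object you actually opened via its descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuses to follow a symlink at the last component
    try:
        st = os.fstat(fd)                               # properties of the opened inode, not of the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(path)
        between()                                       # too late: fd is bound to the original inode
        with os.fdopen(fd, "rb") as f:
            fd = -1                                     # ownership moved to the file object
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Constructed scenario: a privileged reader serves 'public.txt'; inside the race window the
    attacker replaces that name with a symlink to 'secret.txt'."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"secret")

        def reset():
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"public")

        def swap():
            os.remove(public)
            os.symlink(secret, public)

        reset()
        leaked = vulnerable_read(public, between=swap)   # the check passed, the use read the secret
        reset()
        held = safe_read(public, between=swap)           # the swap happened, but the fd was already bound
        try:
            safe_read(public)                            # name is now the attacker's symlink: refused outright
            refused = False
        except OSError:
            refused = True
        return leaked, held, refused


if __name__ == "__main__":
    print(demo())
```

The general rule is to make the check and the use one operation on the same object: open and then `fstat` the descriptor, `O_CREAT | O_EXCL` for creating files, and never repeat a path lookup between deciding and acting.
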
39
Q

Covert channel

A

a communication path that allows a process to transmit information in a way that violates system policy

40
Q

File infector virus

A

attacks executable files (.exe, .com)

41
Q

boot sector virus

A

attacks boot sector

42
Q

multipartite

A

multi-part virus combines executable and boot sector viruses

43
Q

script virus

A

written using script languages

44
Q

encrypted virus

A

consists of a small decryption routine plus the virus body stored encrypted, so the body's signature is hidden until it is decrypted at run time (the unchanging decryption routine is what scanners look for).

45
Q

macro virus

A

attacks documents

46
Q

polymorphic virus

A

consists of the virus body, a decryption routine, and a mutation engine that rewrites the decryption routine for each new copy, so there is no fixed signature to match

47
Q

companion virus

A

(spawning virus) creates a file with the same name as a legitimate program in the same directory but with a different extension, one the system searches for first (for example a .COM placed beside an .EXE under DOS), so the virus runs instead of the program.

48
Q

Virus defenses

A

Anti-virus software
IDS
Don’t open unidentified email attachments

49
Q

For which reasons is software forensics valuable for protecting information security?

A

It can help identify the authors of malicious code
The information it provides can be used to strengthen protection against future attacks
It can help prove intellectual ownership and assist in the recovery of lost source code.

50
Q

Object Linking and Embedding

A

Links data objects into or from multiple files or sources on a computer and segregates data into interoperable components

51
Q

eXtensible Markup Language

A

Represents data in a standard, self-describing text format that is independent of the database or application that produced it.

52
Q

ODBC

A

Tracks the required database driver for the application and translates the application requests into database commands.

53
Q

JDBC

A

Allows Java programs to connect to and query a database (ODBC data sources can be reached through a JDBC-ODBC bridge driver)

54
Q

ADO ActiveX Data Objects

A

Helps users to write programs that access relational and non-relational databases.

55
Q

OLTP - Online transaction processing

A

Records all the business transactions of the organization as they occur and helps in the real-time processing of SQL transactions.

56
Q

What are the characteristics of neural networks?

A

resembles a human nervous system

processes information simultaneously

57
Q

Follows 5 main phases in sequence: changes are made only after process completion.

A

waterfall model

58
Q

A rough system is created, tested, and evaluated to discover improvement possibilities

A

prototype model

59
Q

Follows 5 sequential phases that contain planning, implementing, checking, and acting steps

A

Spiral model

60
Q

Creates a system based on logical assumptions

A

exploratory model

61
Q

previously created components are exported or modified to create a new system

A

reuse model

62
Q

4 advantages of a neural network

A

adaptive learning
self-organization
real-time operation
fault-tolerance via redundant information coding

63
Q

Expert System

A

follows rule based programming

draws an inference to derive a fact

64
Q

7 stages of SDLC

A
project initiation
defining functional objectives
defining system requirements
developing and implementing
recording and documenting
testing and evaluating
producing and installing
65
Q

Follows sequential phases that include 4 in-built steps in each phase

A

spiral

66
Q

Follows sequential steps where changes can only be made once the whole process is complete

A

waterfall

67
Q

evaluates and authorizes the system at each sequential step

A

structured programming development

68
Q

focuses on preventing inconsistencies in the initial planning so that time is saved in the testing phase

A

cleanroom

69
Q

What kind of data model stores data as objects, together with the methods that operate on them?

A

object oriented

70
Q

A child node has multiple parent nodes in what data model?

A

network

71
Q

A child node has only 1 parent node in what data model?

A

hierarchical

72
Q

Data is stored in tables in what data model?

A

relational

73
Q

Data is stored in multiple databases across different locations in what data model?

A

distributed

74
Q

polyinstantiation

A

an event that occurs when multiple rows in the same table have identical primary key elements but with each being distinguished by a different security level.

75
Q

Uses for polyinstantiation

A

retain the integrity of all copies of the information in a database
store confidential data at multiple locations within the database
defend against some types of inference attacks
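
Polyinstantiation in a relational table, as an added example using Python's sqlite3 module (not part of the original deck). The security level is made part of the primary key, so the same ship can have a secret row and an unclassified cover row; a query filters on the user's clearance and returns the most sensitive row they are allowed to see. The ship and cargo data are constructed for the demonstration and the level names are assumptions.

```python
import sqlite3

LEVELS = {"unclassified": 0, "secret": 1}   # assumed two-level lattice


def open_cargo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE cargo (
            ship        TEXT    NOT NULL,
            level       INTEGER NOT NULL,
            destination TEXT    NOT NULL,
            load        TEXT    NOT NULL,
            PRIMARY KEY (ship, level)    -- level is part of the key: one row per ship *per level*
        )""")
    conn.executemany("INSERT INTO cargo VALUES (?,?,?,?)", [
        ("Maru", 1, "Island X", "munitions"),    # the real, secret row
        ("Maru", 0, "Port Lisbon", "wheat"),     # cover story seen by lower-cleared users
    ])
    return conn


def read_cargo(conn, ship, user_level):
    """Highest-classified row the user is cleared for; lower levels never see that a more
    sensitive row exists, which is what blocks the inference."""
    return conn.execute(
        "SELECT destination, load FROM cargo WHERE ship = ? AND level <= ? "
        "ORDER BY level DESC LIMIT 1",
        (ship, LEVELS[user_level]),
    ).fetchone()


def insert_cover(conn, ship, user_level, destination, load):
    """A low-cleared user writing a row for a ship that already has a secret row must succeed:
    a 'duplicate key' error would itself reveal the hidden row."""
    conn.execute("INSERT OR REPLACE INTO cargo VALUES (?,?,?,?)",
                 (ship, LEVELS[user_level], destination, load))
    return True


def leaks_existence_without_polyinstantiation():
    """Same data with a single-column key: the low user's insert collides with the secret row and
    the resulting constraint error tells them something is there. Returns True if it leaks."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cargo (ship TEXT PRIMARY KEY, level INTEGER, destination TEXT, load TEXT)")
    conn.execute("INSERT INTO cargo VALUES ('Maru', 1, 'Island X', 'munitions')")
    try:
        conn.execute("INSERT INTO cargo VALUES ('Maru', 0, 'Port Lisbon', 'wheat')")
        return False
    except sqlite3.IntegrityError:
        return True


if __name__ == "__main__":
    db = open_cargo_db()
    print(read_cargo(db, "Maru", "unclassified"), read_cargo(db, "Maru", "secret"))
    print("leaks without polyinstantiation:", leaks_existence_without_polyinstantiation())
```

The filter on `level` has to be enforced by the database (a view or row-level policy bound to the session's clearance), not left to application code that a caller can bypass.
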

76
Q

maintenance phase begins with constant revisions when the system is implemented in what model?

A

modified prototype

77
Q

The key objective of application security is to ensure
A. that the software is hacker proof
B. the confidentiality, integrity, and availability of data
C. accountability of software and user activity
D. prevent data theft

A

B. the confidentiality, integrity, and availability of data

78
Q

For an application security program to be effective within an organization, it is critical to
A. identify regulatory and compliance requirements
B. educate the software development organization about the impact of insecure programming.
C. develop the security policy that can be enforced
D. properly test all the software that is developed by your organization for security vulnerabilities.

A

C. develop the security policy that can be enforced

79
Q

The best defense against session hijacking and man in the middle attacks is to use which of the following in the development of software
A. unique and random identification
B. use prepared statements and procedures
C. database views
D encryption

A

A. unique and random identification

80
Q

An important characteristic of bytecode is that it
A. is inherently more secure due to sandboxing
B. manages memory operations automatically
C. is more difficult to reverse engineer
D. is faster than interpreted languages

A

D. is faster than interpreted languages

81
Q
Two cooperating processes that simultaneously compete for a shared resource in such a way that they violate the system's security policy is commonly known as 
A. covert channel
B. denial of service
C. overt channel
D. object reuse
A

A. covert channel

82
Q
An organization has a website with a guest book feature, where visitors to the website can input their names and comments about the organization.  Each time the guest book page loads, a message box is prompted with the message "you have been powned" followed by redirection to a different website.  Analysis reveals that no input validation or output encoding is being performed by the web application.  This is the basis for which type of attack?
A. denial of service
B. cross site scripting
C. malicious file execution
D. injection flaws
A

B. cross site scripting
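
The guest book from this question, as an added example in Python (not part of the original deck): the vulnerable renderer interpolates visitor text straight into HTML, the fixed one applies input validation to the name and context-appropriate output encoding to both fields. The attacker strings are constructed to mirror the scenario; the function names are chosen here.

```python
import html
import re

# Constructed attacker inputs, modelled on the scenario in the question.
PAYLOAD_COMMENT = ("<script>alert('you have been pwned');"
                   "window.location='http://attacker.example/';</script>")
PAYLOAD_NAME = '" onmouseover="alert(1)'

# Input validation: a visitor's name has a known shape; anything else is rejected outright.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9 .'\-]{0,39}$")


def is_valid_name(name: str) -> bool:
    return bool(NAME_RE.match(name))


def render_entry_unsafe(name: str, comment: str) -> str:
    # What the vulnerable guest book does: raw interpolation, so visitor text becomes markup.
    return f'<li data-author="{name}">{comment}</li>'


def render_entry_safe(name: str, comment: str) -> str:
    # Output encoding chosen per context: inside a quoted attribute the quote characters must be
    # encoded (quote=True); in element body text <, > and & are what matter.
    return (f'<li data-author="{html.escape(name, quote=True)}">'
            f'{html.escape(comment, quote=False)}</li>')


def render_guestbook(entries, safe=True) -> str:
    """Build the guest book list from (name, comment) pairs."""
    render = render_entry_safe if safe else render_entry_unsafe
    return "<ul>" + "".join(render(n, c) for n, c in entries) + "</ul>"


def demo():
    entries = [("Mallory", PAYLOAD_COMMENT)]
    return render_guestbook(entries, safe=False), render_guestbook(entries, safe=True)


if __name__ == "__main__":
    unsafe, safe = demo()
    print(unsafe)
    print(safe)
```

Encoding must match the output context: `html.escape` is right for element text and quoted attributes, but data placed inside a `<script>` block or a URL needs JavaScript-string or URL encoding instead, and a value written into an event-handler attribute needs both. Validation narrows the input; encoding is what actually prevents the browser from interpreting it as code.
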

83
Q
The art of influencing people to divulge sensitive information about themselves or their organization by either coercion or masquerading as a valid entity is known as
A. dumpster diving
B. shoulder surfing
C. phishing
D. social engineering
A

D. social engineering

84
Q
An organization's server audit logs indicate that an employee who was terminated in the morning was still able to access certain sensitive resources on his system, on the internal network, that afternoon.  The logs indicate that the employee had logged on successfully before he was terminated but there is no record of him logging off before he was terminated.  This is an example of which type of attack?
A. Time Of Check/Time Of Use
B. Logic Bomb
C. remote-access trojans
D. phishing
A

A. Time Of Check/Time Of Use

85
Q

The most effective defense against a buffer overflow attack is
A. disallowing dynamic construction of queries
B. bounds checking
C. encoding output
D. forced garbage collection

A

B. bounds checking

86
Q

It is extremely important that as one follows a software development project, security activities are performed
A. before release to production, so that the project is not delayed
B. if a vulnerability is detected in your software
C. in each stage of the life cycle
D. when management mandates it

A

C. in each stage of the life cycle

87
Q
Audit logs are which type of control?
A. preventative
B. detective
C. compensating
D. corrective
A

B. detective

88
Q
Who can enforce the separation of duties by ensuring that programmers do not have access to production code?
A. operations personnel
B. software librarian
C. management
D. quality assurance personnel
A

B. software librarian

89
Q
The technical evaluation of assurance to ensure that security requirements have been met is known as
A. accreditation
B. certification
C. validation
D. verification
A

B. certification

90
Q
Defect prevention rather than defect removal is characteristic of which of the following software development methodology
A. CASE
B. Spiral
C. Waterfall
D. cleanroom
A

D. cleanroom

91
Q
A security protection mechanism in which untrusted code, which is not signed is restricted from accessing system resources is known as 
A. sandboxing
B. non-repudiation
C. separation of duties
D. obfuscation
A

A. sandboxing

92
Q
A program that does not reproduce itself but pretends to be performing a legitimate action, while actually performing malicious operations in the background is the characteristic of which of the following?
A. Worms
B. trapdoor
C. virus
D. trojan
A

D. trojan

93
Q
A plot to take insignificant pennies from a user's bank account and move them to the attacker's bank account is an example of 
A. social engineering
B. salami attack
C. pranks
D. hoaxes
A

B. salami attack

94
Q
Role based access control to protect confidentiality of data in databases can be best achieved through the following?
A. views
B. encryption
C. hashing
D. masking
A

A. views

95
Q

The two most dangerous types of attacks against databases containing disparate non-sensitive information are
A. injection and scripting
B. session hijacking and cookie poisoning
C. aggregation and inference
D. bypassing authentication and insecure cryptography

A

C. aggregation and inference

96
Q
A property that ensures only valid or legal transactions that do not violate any user defined integrity constraints in DBMS technologies is known as
A. atomicity
B. consistency
C. isolation
D. durability
A

B. consistency

97
Q
expert systems are comprised of a knowledge base containing modeled human experience and which of the following?
A. inference engine
B. statistical models
C. neural networks
D. roles
A

A. inference engine

98
Q

Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse?
A. It could increase the risk of privacy violations
B. It is developed to carry out analysis
C. It contains data from several different sources
D. It is created and used for project based tactical reasons.

A

D. It is created and used for project based tactical reasons.

99
Q

Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test when OLTP is used?
A. So the rules for database integrity can be established
B. So that the database performs transactions as a single unit without interruption
C. To ensure that rollbacks cannot take place.
D. To prevent concurrent processes from interacting with each other.

A

B. So that the database performs transactions as a single unit without interruption

100
Q

What does the ACID stand for?

A

Atomicity
Consistency
Isolation
Durability

101
Q

What does atomicity mean in relation to database software?

A

Divide transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.

102
Q

What does consistency mean in relation to database software?

A

A transaction must follow the integrity policy developed for that particular database and leave all data consistent across the databases involved.

103
Q

What does isolation mean in relation to database software?

A

Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.

104
Q

What does durability mean in relation to database software?

A

Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.

105
Q

Lisa has learned that most databases implement concurrency controls. What is concurrency and why must it be controlled?
A. Processes running in different levels, which can negatively affect the integrity of the database if not properly controlled.
B. The ability to deduce new information from reviewing accessible data, which can allow an inference attack to take place.
C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled.
D. Storing data in more than one place within a database, which can negatively affect the integrity of the database if not properly controlled.

A

C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled.

106
Q
What is the name of the procedure which minimizes duplication and inconsistencies?
A. Polymorphism
B. Normalization
C. Implementation of database views
D. Constructing schema
A

B. Normalization

107
Q

Which of the following correctly best describes an object-oriented database?
A. When an application queries for data, it receives both the data and the procedure.
B. It is structured similarly to a mesh network for redundancy and fast data retrieval.
C. Subject must have knowledge of the well-defined access path in order to access data.
D. The relationships between data entities provide the framework for organizing data.

A

A. When an application queries for data, it receives both the data and the procedure.

108
Q
Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions.  What type of testing should he carry out?
A. Acceptance testing
B. Regression testing
C. Integration testing
D. Unit testing
A

D. Unit testing

109
Q

What is acceptance testing?

A

Testing to ensure code meets customer requirements.

110
Q

What is regression testing?

A

Retesting a system after a change has taken place.

111
Q

Which of the following is the best description of a component-based system development method?
A. Components periodically revisit previous stages to update and verify design requirements
B. Minimizes the use of arbitrary transfer control statements between components.
C. Uses independent and standardized modules that are assembled into serviceable programs
D. Implemented in module-based scenarios requiring adaptions to changing client requirements.

A

C. Uses independent and standardized modules that are assembled into serviceable programs

112
Q

Which of the following is not a correct description of a polymorphic virus?
A. Intercepts antivirus’s call to the operating system for file and system information.
B. Varies the sequence of its instructions using noise, a mutation engine, or random number generator.
C. Can use different encryption schemes requiring different decryption routines.
D. Produces multiple, varied copies of itself.

A

A. Intercepts antivirus’s call to the operating system for file and system information.

113
Q

Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets?
A. Converts the source code into bytecode and blocks the sandbox.
B. Converts the bytecode into machine level code
C. Operates only on specific processors within specific operating systems
D. Develops the applets, which run in a user’s browser

A

B. Converts the bytecode into machine level code

114
Q
What type of database software integrity service guarantees that tuples are uniquely identified by primary key values?
A. Concurrent integrity
B. referential integrity
C. Entity integrity
D. Semantic integrity
A

C. Entity integrity

115
Q

What is referential integrity?

A

Refers to all foreign keys referencing existing primary keys.
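
The ACID properties (cards 99 to 104) and the entity and referential integrity services (cards 114 and 115) in one runnable example, added here and not part of the original deck, using Python's sqlite3 module. The schema declares a primary key (entity integrity), foreign keys (referential integrity) and a CHECK rule (a consistency constraint); `transfer` runs as a single transaction so that when any step violates a rule every step is rolled back. The account data and amounts are constructed for the demonstration.

```python
import sqlite3

SCHEMA = """
PRAGMA foreign_keys = ON;                      -- SQLite enforces FKs only when asked
CREATE TABLE account (
    id      INTEGER PRIMARY KEY,               -- entity integrity: each tuple uniquely identified
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)  -- consistency rule every transaction must respect
);
CREATE TABLE transfer (
    id     INTEGER PRIMARY KEY,
    src    INTEGER NOT NULL REFERENCES account(id),  -- referential integrity: must point at a real account
    dst    INTEGER NOT NULL REFERENCES account(id),
    amount INTEGER NOT NULL CHECK (amount > 0)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; we issue BEGIN/COMMIT ourselves
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO account(id, owner, balance) VALUES (?,?,?)",
                     [(1, "alice", 100), (2, "bob", 50)])
    return conn


def transfer(conn, src, dst, amount):
    """Atomic: the debit, the credit and the ledger row commit together or not at all."""
    try:
        conn.execute("BEGIN IMMEDIATE")        # take the write lock now: isolation from other writers
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("INSERT INTO transfer(src, dst, amount) VALUES (?,?,?)", (src, dst, amount))
        conn.execute("COMMIT")                 # durability: only now is the change permanent
        return True
    except sqlite3.Error:
        conn.execute("ROLLBACK")               # undo every step of the failed unit of work
        return False


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def demo():
    conn = open_db()
    ok1 = transfer(conn, 1, 2, 30)    # fine: 70 / 80
    ok2 = transfer(conn, 1, 2, 500)   # debit would drive alice negative: CHECK fails, nothing changes
    ok3 = transfer(conn, 1, 99, 10)   # the debit succeeds inside the transaction, then the ledger row
                                      # fails the foreign key (no account 99): the debit is rolled back too
    count = conn.execute("SELECT COUNT(*) FROM transfer").fetchone()[0]
    return ok1, ok2, ok3, balances(conn), count


if __name__ == "__main__":
    print(demo())
```

The third transfer is the case worth noticing: the `UPDATE` for account 99 silently touches zero rows, so without the foreign key on the ledger the money would simply vanish from alice. Integrity rules in the schema, not in application code, are what make the rollback happen.
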

116
Q
In computer programming, cohesion and coupling are used to describe modules of code.  Which of the following is a favorable combination of cohesion and coupling?
A. Low cohesion, low coupling
B. High cohesion, high coupling
C. low cohesion, high coupling
D. High cohesion, low coupling
A

D. High cohesion, low coupling

117
Q

What is cohesion in software programming?

A

Reflects how many different types of tasks a module can carry out. High cohesion means a module carries out 1 basic task.

118
Q

What is coupling in software programming?

A

Reflects how much interaction one module requires to carry out its tasks.

119
Q
When an organization is unsure of the final nature of the product, what type of system development method is most appropriate for them?
A. Cleanroom
B. Exploratory model
C. Modified prototype method
D. Iterative Development
A

C. Modified prototype method

120
Q

Which of the following statements does not correctly describe SOAP and Remote Procedure Calls?
A. SOAP was designed to overcome the compatibility and security issues associated with Remote Procedure Calls.
B. Both SOAP and Remote procedure calls were created to enable application layer communication.
C. SOAP enables the use of Remote procedure calls for information exchange between applications over the internet.
D. HTTP was not designed to work with remote procedure calls, but SOAP was designed to work with HTTP.

A

C. SOAP enables the use of Remote procedure calls for information exchange between applications over the internet.

121
Q
Computer programs that are based on human logic by using "if/then" statements and inference engines are called
A. Expert systems
B. artificial neural networks
C. Distributed computing environment
D. Enterprise java beans
A

A. Expert systems

122
Q

Which of the following is a correct description of the pros and cons associated with third-generation programming languages?
A. The use of heuristics reduced programming effort, but the amount of manual coding for a specific task is usually more than the preceding generation.
B. The use of syntax similar to human language reduced development time, but the language is resource intensive.
C. The use of binary was extremely time consuming but resulted in fewer errors.
D. The use of symbols reduced programming time, but the language required knowledge of machine architecture.

A

B. The use of syntax similar to human language reduced development time, but the language is resource intensive.

123
Q
Which of the following is considered the second generation of programming languages?
A. Machine
B. Very high level
C. High level
D. Assembly
A

D. Assembly

124
Q
Mary is creating malicious code that will steal a user's cookies by modifying the original client-side JavaScript.  What type of cross-site scripting vulnerability is she exploiting?
A. Second order
B. DOM-based
C. persistent
D. non-persistent
A

B. DOM-based

125
Q

Of the following steps that describe the development of a botnet, which best describes the step that comes first?
A. Infected server sends attack commands to the botnet
B. Spammer pays a hacker for use of the botnet
C. Controller server instructs infected systems to send spam to mail server.
D. Malicious code is sent out that has bot software as its payload.

A

D. Malicious code is sent out that has bot software as its payload.

126
Q
Which of the following antivirus detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system?
A. Behavior blocking
B. fingerprint detection
C. signature based detection
D. heuristic detection
A

A. Behavior blocking

127
Q

Which of the following describes object oriented programming deferred commitment?
A. autonomous objects, which cooperate through exchanges of messages
B. The internal components of an object can be refined without changing other parts of the system
C. Object oriented analysis, design, and modeling maps to business needs and solutions
D. Other programs using same objects

A

B. The internal components of an object can be refined without changing other parts of the system

128
Q

_________ provides a machine readable description of the specific operations provided by a specific web service. ________ provides a method for web services to be registered by service providers and located by consumers.
A. Web service description language, universal description, discovery and integration
B. Universal description, discovery and integration, web services description language
C. web services description language, simple object access protocol
D. Simple Object Access Protocol

A

A. Web service description language, universal description, discovery and integration